Abstract

Recently, it has been suggested [3] that device independent approaches
to quantum key distribution may be of limited utility, since
standard protocols could leak key to the adversary when devices are 
used repeatedly. We propose a means by which devices with memories 
could be reused from one run of a quantum key distribution protocol 
to the next while bounding the leakage to Eve, under the assumption 
that one run of the protocol could be completed securely using devices 
with memories. 



1 Introduction 

Quantum key distribution protocols allow two distant parties who share
some small initial key to grow new shared randomness. Proofs of security
for these protocols make assumptions about the behaviour of the devices
that the two parties, Alice and Bob, use. Device-independent quantum
key distribution (DIQKD) [2, 4, 5] is a concept for protocols that make
very few assumptions about Alice and Bob's devices for generating their
classical measurement outcomes. They should be able to certify that they
have a secure key from the statistics of their measurement outcomes alone;
however, they still need to assume that there are no side channels that
can signal from their private laboratories to an eavesdropper, Eve. DIQKD
protocols have the important advantage that the measurement devices (and
the source of quantum states, the control of which we give to Eve) may not
operate as intended, but the protocols can still certify whether a generated
key is secure.

Here we are interested in removing even more assumptions about the 
operation of the measurement devices: we allow that they may have an 
internal memory that can store arbitrary amounts of quantum or classical 
information, and that they may have been built by the eavesdropper. In this 
very untrusting model, the question of whether the measurement devices can 
be reused has been raised [3]. In this paper, we consider that question, but
do not consider how DIQKD might be accomplished in a single round of a 
protocol using an adversarial device with memory. 

Our main contribution is to describe an encryption scheme which allows 
Alice and Bob to exchange data which is determined by the devices across 
a public channel without leaking information from the devices to Eve. The 
encryption remains secure even if the devices have complete information 
about Alice and Bob's shared secret keys (generated in previous rounds of 
the protocol) and even if the devices have complete control over the message 
sent. In the context of DIQKD, this allows Alice and Bob to exchange 
parameter estimation and error correction data without the devices leaking 
information about previously generated keys to Eve. This is accomplished 
using locally generated randomness (independent of the devices) and hash 
functions to generate encryption keys. 

The layout of this paper is as follows. In the next section, we specify and
motivate the security model we are working in. In section 3 we introduce
modifications to a DIQKD protocol. In section 4 we describe a hash function
and prove that it has a property we will need. In section 5 we prove that
the new protocol is secure over repeated runs and in section 6 look at the
scaling. Section 7 gives the asymptotic key rate achieved by these bounds.
In section 8 we discuss how protocol aborts need to be managed and touch
on the composability implications.

2 The model 

Alice and Bob share some private randomness and would like to grow more
key from it using a shared quantum state. However, they do not trust their
measuring devices or the state; in fact, they assume that Eve has built the
devices and distributes the quantum state. Let us assume that it is possible
for them to complete a device-independent quantum key distribution
(DIQKD) protocol securely in this setting. There is some recent work that
supports this assumption [8, 9, 10]. They successfully grow some new key
on which Eve's knowledge is bounded to be less than ε, quantified using
standard trace distance metrics [11]. After this, they would like to reuse
their devices to grow more key in another round, but the malicious devices
are allowed to have memories. As well, all shared randomness used in the
protocol will be taken from the previously generated keys, and hence is also
shared with the devices. We would like to know whether Alice and Bob can
accomplish this.

We make the standard assumptions of DIQKD. We are working in the 
limit of long keys for each run of the protocol. We assume that the untrusted 
devices can be isolated within Alice and Bob's laboratories, such that they 
can receive arbitrary quantum signals from Eve, but can signal only to 
Alice and Bob and not directly to Eve. We also assume that Alice and 
Bob can both generate trusted randomness locally. Additionally, we assume 
Alice and Bob can perform classical processing privately from the untrusted 
measuring devices in their labs. 

This model was first introduced in [3], where the authors argue that 
Alice and Bob cannot grow further key using the same devices and standard 
protocols. We show how to modify standard DIQKD protocols to eliminate 
side channels related to Alice and Bob's public discussion and show that 
they can still grow new secret key. 

3 The new protocol 

The modifications we propose are restricted to the classical post-processing 
portions of the protocol. The goal of the changes is to prevent the device 
from having a communication channel back to Eve within the protocol itself. 
(We assume no side channels.) 

1. Eve distributes an entangled state ρ_{ABE} to the devices in Alice and
Bob's labs. Alice and Bob supply random (and independent) lists of 
basis choices to the devices for the series of measurements and the 
devices output the results. 

2. Alice announces her basis selections publicly to Bob. Where they have 
chosen the same basis, the measurement result bit should be correlated 
for Alice and Bob and can become part of the key. When they have 
chosen different bases, they can check for CHSH violation or perform 
other parameter estimations. 
3. Alice must send to Bob a subset of her outcomes of size ℓ. Since
the measurement outcomes are fixed by the untrusted devices, these
randomly chosen outcomes could hide a message from the device to
Eve about previously grown keys, k'. We call this string m(k, k'), since
it can also depend on our session encryption key k. Therefore she will
encrypt it before sending it.

4. Alice generates a random string r of length n and chooses a string k
of length n from her store of previously generated keys. She uses a
specially chosen 2-universal hash function r' = f_r(k) = r · k mod 2^ℓ
(see section 4 for details) to generate a new string r' of length ℓ, which
she bitwise XORs with m(k, k') to form m̂ = m(k, k') ⊕ r'. She sends
Bob the result. She also sends him r, publicly.

5. He uses r and k to recover m(k, k'). He performs parameter estimation.
He sends a similarly encrypted message to Alice containing a
flag bit indicating abort or not, and if not, a second encrypted message 
containing the detected bit error rate Q, the observed parameters, and 
an appropriate error correction function, along with his parity check 
bits. Bob pads this communication with randomness, so it is always 
of fixed length. If they instead will abort, Bob sends the abort flag 
and random message instead of the error correction information. 

6. Using a publicly chosen hash function they reduce Eve's knowledge of
the final key below a chosen bound. They discard the session encryption
key k used in the protocol.

The intuition behind the modifications is to frustrate the device's ability 
to hide a message for Eve in m. We assume that the devices know the final 
keys, since the raw keys are generated by the devices and Eve can send 
messages to them on the quantum channel. Therefore the device knows k,
the key string we will use to encrypt m. We must ensure that the device
cannot alter the distribution over k of m, even conditioned on Eve knowing
r. Eve's information on k is upper bounded by ε as guaranteed by the single-
round DIQKD protocol, so by the properties of 2-universal hash functions,
the string m̂ is Δ-close to uniformly distributed from her perspective.

4 Aside: 2-universal hash functions 

We now introduce 2-universal hash functions, in order to show that the 
particular function we need is a 2-universal hash function. 
Definition 1. A 2-universal family of functions F is a family of functions
f : X → Y such that, when f is drawn uniformly at random from F, for
every x₁ ≠ x₂ ∈ X

    P(f(x_1) = f(x_2)) = \frac{1}{|Y|}   (1)

Consider the family F = {f_a : a ∈ {0,1}^n}, a type of family introduced
in [5], given by

    f_a(x) = a \cdot x \bmod 2^\ell   (2)

where the multiplication is taken in GF(2^n).¹ We modify this definition to
produce the family F' by introducing an arbitrary function independent of
a, g : {0,1}^n → {0,1}^n, so that

    f_a(x) = (a \cdot x) \oplus g(x) \bmod 2^\ell .   (3)

To see that this is 2-universal, let x₁ ≠ x₂ be given. We wish to count the
a for which

    (a \cdot x_1) \oplus g(x_1) = (a \cdot x_2) \oplus g(x_2) \bmod 2^\ell .   (4)

Note that taking the expression modulo 2^ℓ can be seen as taking the ℓ least
significant bits of the string, and can be expressed as taking the expression
modulo some element in GF(2^n). Hence we can rewrite this as

    a \cdot (x_1 \oplus x_2) = g(x_1) \oplus g(x_2) \bmod 2^\ell .   (5)

Since x₁ ≠ x₂ the expression has solutions. Indeed, since multiplying by an
element of GF(2^n) is just a bijection on {0,1}^n, there is one solution for every
member of the equivalence class of g(x₁) ⊕ g(x₂) mod 2^ℓ, of which there are
2^{n−ℓ} members. Hence the fraction of a that are solutions is 2^{n−ℓ}/2^n = 2^{−ℓ}.
Thus F' is 2-universal.

Note that it is equivalent to take g(x) to be an ℓ-bit string instead of
n-bit, since the rest of the bits are dropped in the final modulus.

We have thus shown that F has an interesting property: we can add
an arbitrary function of x to the family and it is still 2-universal. It is also 
interesting to note that if g is instead a function of a (but not x) then the 
function is again still 2-universal by a similar argument. 

¹ In particular, a and x are bit strings of length n. Choose the standard polynomial
representations of these bit strings, multiply them together, return the n-bit string
corresponding to the product and then take the ℓ least significant bits as the hash output.
5 Proof of main theorem



Here we use lower case letters to denote classical strings (which may be 
stored in quantum registers) and uppercase letters to denote the registers 
storing the strings. 

Theorem 1. Let k' be existing previous keys for use in other applications
and ε > 0, and let Φ be the DIQKD protocol, modified according to section 3.
If we have at the start of a run of the new protocol that

    \frac{1}{2}\left\| \rho_{KE} - \rho_{K}^{U(n_t+a)} \otimes \rho_E \right\|_1 \le \epsilon   (6)

where ρ^{U(n)} = \frac{1}{2^n}\sum_{x \in \{0,1\}^n} |x\rangle\langle x|, and f is a particular 2-universal
hash function taking two bit string inputs of length n and returning a bit
string of length ℓ such that r' = f(k, r), and let m̂ = m ⊕ r', then after the
run of the protocol, giving the string m̂ in the register M' to the quantum
system E:

    \frac{1}{2}\left\| \Phi(\rho_{KK'A'B'E}) - \rho_{K_1}^{U(n_t+a)} \otimes \rho_{K'}^{U(a)} \otimes \frac{1}{2^\ell}\sum_{\hat m} |\hat m\rangle_{M'}\langle \hat m| \otimes \rho_{RE} \right\|_1 \le \epsilon + 3\epsilon_{hash} + \epsilon_{qkd} ,   (7)

where ε_qkd is the security bound for one run of the original DIQKD protocol,
and ε_hash = ½√(2^{2ℓ−n}) is the error from the hash function in the new protocol.
Thus application keys and new key are still almost independent of E.

Suppose before the start of the run of the protocol that Alice and Bob's 
untrusted devices, which have quantum memory registers A' and B', have 
been used to generate some previous key, which we divide into two parts: 
the session key k to be used for the next run, and the application keys k' , 
which Alice and Bob will use (or have already used), for example, to send 
one-time-pad encoded messages, authenticate protocol messages, etc. 

We wish to bound the distance of the final state to the ideal uniform 
tensor product form independently for each message m that the box, A', 
might send to Eve. If it is small for all messages, then it is small for any 
combined strategy. We want: 



    \forall m, \quad \frac{1}{2}\left\| \rho_{K'EM} - \rho_{K'}^{U(a)} \otimes \rho_{EM} \right\|_1 \le \epsilon_2 .   (8)

We observe that the message, m, is of length ℓ bits. If we give the
message to Eve, it cannot contain more than ℓ bits of information on the
session key k, which is n > ℓ bits long. Suppose in one round we can grow
a key k₀, secure from Eve. Eve's state with K₀ before the protocol had the
property given in equation (9); notice that ρ_{K_0}^{U(n_t+a)} = ρ_K^{U(n_t)} ⊗ ρ_{K'}^{U(a)} if
the session key |k⟩ ∈ H_K and the application key |k'⟩ ∈ H_{K'} are taken by
partitioning |k₀⟩ ∈ H_K ⊗ H_{K'}, and where n_t = n + n' + n'' is the total
amount of encryption key needed for the three messages in the protocol, one
from Alice and two from Bob.

Now in the new run of the protocol, which will need to encrypt the
classical data output by the devices, Eve will distribute the quantum state
to Alice and Bob, so

    \frac{1}{2}\left\| \rho_{KK'A'B'E} - \rho_K^{U(n_t)} \otimes \rho_{K'}^{U(a)} \otimes \rho_{A'B'E} \right\|_1 \le \epsilon .   (9)



Then let the operation of the new protocol be the superoperator Φ(·). Acting
on a state that has ideal uniform keys, it will have the following property:

    \frac{1}{2}\left\| \Phi\!\left(\rho_K^{U(n_t)} \otimes \rho_{K'}^{U(a)} \otimes \rho_{A'B'E}\right) - \rho_{K_1}^{U(n_t+a')} \otimes \rho_{K'}^{U(a)} \otimes \frac{1}{2^{(\ell+\ell')}}\sum_{\hat m} |\hat m\rangle_{M'}\langle \hat m| \otimes \sigma_{A'B'ER} \right\|_1 \le 3\epsilon_{hash} + \epsilon_{qkd} .   (10)



This is the case because, firstly, we assume that the device-independent
quantum key distribution protocol produces independent keys, at least up
to ε_qkd, and because of the Leftover Hash Lemma. The factor of 3 is due
to Alice encrypting one message for Bob, and Bob encrypting two messages
(the one-bit abort flag and the error correction information) for Alice. First
consider Alice's message. Suppose k is a perfect key. Then, we can safely
say for all messages, m, of length ℓ:

    H_{\min}(K|E\,m\,K') \ge n - \ell .   (11)



The Leftover Hash Lemma against quantum side information [12] states that
for a 2-universal hash function with output Z, input X, and seed R

    \Delta(Z|ER) \le \epsilon + \frac{1}{2}\sqrt{2^{\ell - H^{\epsilon}_{\min}(X|E)}} ,   (12)

where the distance from uniform, Δ, is given by

    \Delta(A|B)_\rho = \min_{\sigma_B} \frac{1}{2}\left\| \rho_{AB} - u_A \otimes \sigma_B \right\|_1 .   (13)
Applying this to our hash using a perfect key we get

    \Delta(R'|E\,m\,K'R) \le \frac{1}{2}\sqrt{2^{2\ell - n}} := \epsilon_{hash} ,   (14)

which gives a bound when n > 2ℓ.

We can equivalently write this, for all m, fixing m, as:

    \min_{\sigma_{A'B'ERM}} \frac{1}{2}\left\| \rho_{K'R'A'B'MRE} - \rho_{K'}^{U(a)} \otimes \rho_{R'}^{U(\ell)} \otimes \sigma_{A'B'ERM} \right\|_1 \le \epsilon_{hash} .   (15)



The string Eve will intercept on the classical channel between Alice and Bob
is the XOR of r' and m, both classical strings, so that the register R' now
holds the classical state which is a distribution over strings m̂. Let us relabel
register R' as M'. Now make a change of variable r' → m̂ = r' ⊕ m. Since
r' is uncorrelated to m, E, R, K', then m̂ is also, and runs uniformly over all
possible strings since r' did and m is fixed. Tracing out M can only reduce
the trace distance so we have:

    \min_{\sigma_{A'B'ER}} \frac{1}{2}\left\| \rho_{K'M'A'B'RE} - \rho_{K'}^{U(a)} \otimes \frac{1}{2^\ell}\sum_{\hat m} |\hat m\rangle_{M'}\langle \hat m| \otimes \sigma_{A'B'ER} \right\|_1 \le \epsilon_{hash} .   (16)



We then combine this with the device-independent QKD protocol for a single
round to get the map Φ(·) and equation (10), noting that Alice and Bob will
both send messages, and assuming the same security level ε_hash is chosen for
each.

Now, we do not have a perfect key initially; instead we have the bound in
equation (9). Applying the superoperator Φ to both states in the expression
cannot increase the distinguishability of the states, therefore:

    \frac{1}{2}\left\| \Phi(\rho_{KK'A'B'E}) - \Phi\!\left(\rho_K^{U(n_t)} \otimes \rho_{K'}^{U(a)} \otimes \rho_{A'B'E}\right) \right\|_1 \le \epsilon .   (17)



By the triangle inequality using equations (17) and (10),

    \frac{1}{2}\left\| \Phi(\rho_{KK'A'B'E}) - \rho_{K_1}^{U(n_t+a')} \otimes \rho_{K'}^{U(a)} \otimes \frac{1}{2^\ell}\sum_{\hat m} |\hat m\rangle_{M'}\langle \hat m| \otimes \rho_{RE} \right\|_1 \le \epsilon + 3\epsilon_{hash} + \epsilon_{qkd} .   (18)



So, even after Eve gets the message, her systems are still almost independent
of the state held in K' and the new key in K₁, provided n > 2ℓ,
n' > 2ℓ', and n'' > 2ℓ'' for Alice and Bob's hashes.
6 Composing rounds of the new protocol



In the previous section, we saw that reusing untrusted devices in a new
round of QKD using the new protocol caused an increase in the security
parameter of the new and old keys by 3ε_hash + ε_qkd. For comparison, if
the devices were trusted, and the original DIQKD protocol was used, this
parameter would only have grown by ε_qkd.

Then composing s rounds of successful key growth together, in the worst
case the errors can add:

    \frac{1}{2}\left\| \Phi^{\otimes s}(\rho_{KK'A'B'E}) - \bigotimes_{i=1}^{s-1} \rho_{K_i}^{U(a'_i)} \otimes \rho_{K_s}^{U(n_t+a'_s)} \otimes \rho_{K'}^{U(a)} \otimes \frac{1}{2^{\ell s}}\sum_{\hat m} |\hat m\rangle_{M'}\langle \hat m| \otimes \rho_{RE} \right\|_1 \le \epsilon + 3s\,\epsilon_{hash} + s\,\epsilon_{qkd} ,   (19)



so each additional round can add at most 3ε_hash + ε_qkd to Eve's information
on the previously grown keys. 

Notice that if an abort occurs in round i, the new key ρ_{K_i}^{U(n_t+a'_i)} is not
obtained for that round and will not appear in that expression. However,
Alice and Bob still sent two encrypted messages to each other in that round,
in order to learn that their error rate was above threshold. Therefore, they
still must add 2ε_hash for that round, though not ε_qkd. This means that the
security parameter will grow even on aborted rounds.

In practice, Alice and Bob should choose a maximum tolerated security
loss of all of their keys, ε_sec. This will determine the number of rounds they
would be able to grow key in. They should agree to this number of rounds
when they begin to use their devices, then stop using and securely destroy
the devices after that many rounds. They do not wish to leak information
to Eve about the number of rounds that have aborted. (See section 8 for
further discussion.)



7 Asymptotic secret key rate 

The application key rates achievable with this protocol modification will
depend on the key rate of the underlying DIQKD protocol used, and on n_t, the
number of bits of the generated key that need to be used as the session keys
for Alice and Bob's encrypted messages in the next round, and therefore
cannot be used in other applications.

Since we do not know which DIQKD protocol can be used when the
devices have memories, we remain agnostic about the exact rate; however,
we can assume it would take the form

    r \ge f(S_{obs}) - H(A|B)   (20)

for some function f with S_obs an observed parameter (e.g. a Bell-inequality
violation), which is what is achieved by current protocols against memoryless
devices [1, 6].

In this new protocol, we do not need to remove the amount of communication
H(A|B) required for error correction, since this is encrypted.
However, we will remove the amount of key required to encrypt the next
round's communication. We now consider how much key this requires. From
section 5 we have:

    \epsilon_{hash} = \frac{1}{2^{(n-2\ell)/2+1}} .   (21)

Then n − 2ℓ = O(−log(ε_hash)), so for a constant security parameter
ε_hash, the key length, n, needs only exceed twice the message length, 2ℓ, by
a constant number of bits.

Now we must determine how large the total amount of encrypted information
sent between Alice and Bob must be asymptotically. Suppose the
sifted key length in one round is N. The parameter estimation message from
Alice to Bob must contain the bit values of an O(log N)-size subset of this
string in order to achieve an estimation error approaching zero. As N → ∞
the fraction of signals this represents goes to zero. Bob must send to Alice
his error correction function results, the size of which will depend on the error
rate Q. The amount of communication required will be N h(Q) + f(ε_EC)
bits, where h(·) is the binary entropy and f(ε_EC) is a function of the security
parameter for the error correction (ε_EC < ε_prev) that does not depend on
N. Therefore as N → ∞ this also is negligible. Finally, Bob's abort flag
requires a constant sized key. Then we can see how the asymptotic key rate
will change as compared with the original version of the protocol,

    (22)

Notice that asymptotically the key rate does not fall as aborts occur, since
in an abort, Bob will send the encoded abort flag, but will not encode
the H(A|B) bits of error correction information and rather save his key by
sending a string output by his random number generator instead. In the
finite key regime, however, it is clear that aborts will reduce the amount of
generated key that can be used in other applications.
8 Aborts



It may happen that on some rounds Alice and Bob must abort the protocol.
However, since the devices A' and B' can cause an abort even on a "good"
state ρ_{A'B'E}, they can use this as a pretext to signal to Eve, as was observed
in [3]. Therefore, Alice and Bob must hide aborts when they occur.
As explained in section 3, they can do this since they have encrypted the
parameter estimation bits and will also encrypt Bob's signal as to whether
or not to abort. If they abort, they pretend to continue the protocol, but
instead of exchanging encrypted information to perform error correction,
they send random strings. In this round they do not gain any additional
key, but also Eve does not learn that they aborted.

Another concern is that it is possible for the boxes to conduct a denial-of-service
attack until Alice and Bob run out of key. If this should occur
before the number of rounds that Alice and Bob had agreed to use the 
devices for, this would also constitute a signal to Eve. They must hide 
this also, so should it occur, Alice and Bob should simulate the remaining 
rounds of key growth (sending each other random strings) and then destroy 
the adversarial boxes securely. This is not a foolproof solution however, 
since in the meantime Alice and Bob may need to communicate privately. 
Thus at some point they will be forced to re-key and there is no reason to 
assume Eve will not notice this. Therefore, it is conceivable that she may 
gain some information from the fact that this has happened and it seems 
there is no way to completely avoid that, though Alice and Bob could keep 
a piece of their initial authentication key from before the first round against 
this eventuality. (This is similar to the case in trusted-device QKD when 
Eve executes repeated denial-of-service attacks on Alice and Bob until they 
run out of key.) 

It appears that in this model we cannot think about each run of the
device-independent protocol as a stand-alone element in a universal
composability scheme, in which it is public information how much key they have
at any given time. Alice and Bob certainly do not want to output on each
round whether they succeeded or failed in obtaining key. This may lead to
additional considerations. For example, the adversary may expect Alice and
Bob to send a one-time-pad encoded message at a particular time during
the multi-round life of the devices when they do not have key available to
devote to the purpose. If this occurs they can still avoid leaking information
to the adversary by sending a random string of the appropriate length
instead. (However, this does not accomplish the communication task Alice
and Bob presumably wished to accomplish.) Note that in this case, Alice
and Bob have to consider their quantum key distribution in the wider setting
in which it is employed to avoid leaking information. Nevertheless, when 
key is generated in the DIQKD scheme, the resulting key is secure under 
the trace distance definition given in 

9 Conclusions and comments on the model 

This model of DIQKD gives a lot of power to the eavesdropper, since Eve is 
allowed to prepare Alice and Bob's measuring devices. It is more restrictive 
to Alice and Bob than other models currently used to describe untrusted 
device scenarios, where their devices may have manufacturing flaws, but 
are assumed not to be outright malicious. Those models more realistically 
represent most cryptographic scenarios today, wherein perhaps a user does 
not understand the cryptography implemented by his web browser, but he 
downloaded an authenticated copy from a legitimate business. The business 
may not have correctly implemented the security, and this is what DIQKD 
would try to protect against, but it also does not benefit from gaining a 
reputation for selling users' credit card information to Eve. 

However, this less-trusting model is interesting, first, because it provides 
bounds for what is possible in other more-trusting DI scenarios, and second, 
because despite its restrictions, QKD can still be performed without much 
loss of performance. We have introduced a small modification to a DIQKD
protocol that allows untrusted and malicious devices to be used in repeated
rounds of secure key growth. It is interesting to note that the only part of the
protocol that required modification was the classical post-processing. That 
suggests that perhaps existing QKD protocols could be adapted to other 
new models readily, simply by considering this portion carefully. 

There remain some open questions. We note that our bounds are most 
likely not tight. It seems likely that a better asymptotic key rate can be 
obtained, but it is also clear that this new protocol will not exactly achieve 
the rate of the original DIQKD protocol (one that does not worry about 
reused untrusted devices). There will be some overhead. It would also be 
nice to fit this type of protocol into a composability framework, although 
it is not clear how to do that in existing frameworks. Additionally, there 
may be other modifications that could be made to existing protocols that 
accomplish this same task more efficiently. 